{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"IBM System Storage DS3524, type 1746 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM System Storage DS3400, type 1726 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM System Storage DS5020 Disk Controller (1814-20A) ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM System Storage DS3512, type 1746 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"DS4800 Storage Server, type 1814 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"DS4200 Storage Server, type 1814 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"DS4400 (FAStT700) Storage Server, type 1742 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM System Storage DS5100 Storage Controller, type 1818 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM System Storage DS3950 Express, type 1814 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM System Storage DS3300, type 1726 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"DS4700 Storage Server, type 1814 ( alimentations DC );","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"DS4500 (FAStT900) Storage Server, type 1742 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"DS4700 Storage Server, type 1814 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"DS4300 (FAStT600) Dual-Controller et Turbo Storage Server, type 1722 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM System Storage DS3200, type 1726 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM System Storage DS5300 Storage Controller, type 1818.","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"DS4100 (FAStT100) Dual-Controller Storage Server, type 1724 ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM System Storage DCS3700 Storage Subsystem, type 1818, mod\u00e8le 80C ;","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2012-2172","url":"https://www.cve.org/CVERecord?id=CVE-2012-2172"},{"name":"CVE-2012-2171","url":"https://www.cve.org/CVERecord?id=CVE-2012-2171"}],"links":[],"reference":"CERTA-2012-AVI-349","revisions":[{"description":"version initiale.","revision_date":"2012-06-22T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance"}],"summary":"Deux vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 corrig\u00e9es par IBM pour les produits <span\nclass=\"textit\">Storage Server</span>. La premi\u00e8re (CVE-2012-2171) permet\n\u00e0 un utilisateur malveillant d'injecter et d'ex\u00e9cuter du code SQL\narbitraire \u00e0 distance. La seconde (CVE-2012-2172) permet \u00e0 un attaquant\nde r\u00e9aliser de l'injection de code indirecte \u00e0 distance.\n","title":"Vuln\u00e9rabilit\u00e9s dans IBM System Storage DS Storage Manager","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM H206045 du 15 juin 2012","url":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5090850&brandind=5000028"}]}